The following advice is issued following a complaint regarding the release of personal information during the election process for the board. There was no breach of data protection but in the lessons learned a better best practice was identified.
Thank you for all you do to protect the privacy and keep others safe!
We’re so impressed with the care taken in handling people’s personal data (from what we’ve seen) and we want to encourage you to continue!
Specifically, we’re happy to see how many of you are diligent to always ask permission before sharing personal information.
- You may simply ask, “do you mind if I share this with (whatever audience you intend to share it with)?” e.g., “do you mind if I put this in my newsletter, if I share it with my church for them to pray, if I send it to Malcolm?”
- Some of you reported that it’s helpful to ask, “is there anything that should be changed or “anonymyzed” before I share this with audience?” (e.g., maybe it’s okay to share language, place, or people names with a small group, but these should be changed before sharing more broadly).
- Be clear (in writing)
- What information you plan to share
- Who you plan to share it with, AND
- That you have permission (consent) to share this information with that individual or group.
- Sharing information using a link to a document rather than including as an attachment helps “unintentional sharing by forwarding on”. It also allows you to remove or change information.
- When sharing a link, that link should be “closed”: only accessible to a specific audience. For instance if you use Google Docs:
- You might share the link with “everyone in your organization” if you have permission to share information with everyone in SIL.*
- Or share with the specific individuals you have permission to share with
- Or share with another group (such as SIL members). Your IT department can help you set up Google Groups you may need.
- AND it likely means you will never share a Google Doc with personal information with “anyone with the link” because the audience is the general public, including those who have intentions to harm SIL or its staff.
*Until email cleanup is complete, there is a risk here as there remain non-SIL account holders of SIL corporate accounts. Until email cleanup has been completed, technically you should ask if you can share it with anyone with a SIL corporate email account.
Any question please send them to Keith_Robinson@SIL.org as the SIL data protection officer.
Actions Requested of HR and SIL Leaders
Please ensure this is casaded to Area Directors and their leadership teams and Unit leader.
AO’s please note how SIL is continually trying to improve its protection of your members’ information.